internal-comms
Fail
Audited by Gen Agent Trust Hub on Feb 16, 2026
Risk Level: HIGH
Findings: PROMPT_INJECTION, DATA_EXFILTRATION
Full Analysis
- [Indirect Prompt Injection] (HIGH): The skill is designed to ingest data from attacker-controllable sources without any isolation or sanitization protocols.
  1. Ingestion points: examples/3p-updates.md, examples/company-newsletter.md, and examples/faq-answers.md specifically instruct the agent to gather content from Slack posts, Google Drive documents, and internal emails.
  2. Boundary markers: Absent; there are no instructions to use delimiters or to treat the ingested data as non-executable text.
  3. Capability inventory: The agent is intended to generate communications (newsletters, FAQs, updates) that are distributed company-wide, providing a significant impact for any successful injection.
  4. Sanitization: Absent; no instructions are provided to filter or validate content.
- [Data Exposure & Exfiltration] (MEDIUM): The skill processes highly sensitive internal company information. While it lacks explicit exfiltration code, an indirect prompt injection could exploit the agent's capabilities to exfiltrate summarized sensitive data if the agent has network access.
Recommendations
- AI detected serious security threats
Audit Metadata